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4 FAH-2 H-220 
INTERNAL CONTROLS 

(CT:DOH-29; 07-19-2013) 
(Office of Origin: CGFS/FPRA/FP) 

4 FAH-2 H-221 INTRODUCTION 

(CT:DOH-29; 07-19-2013) 

a. The internal controls built into the financial system and those imposed by the 
Bureau of tlie Comptroller and Global Financial Services (CGFS) policy must be 
effective and reasonable in regard to the volume of business. The U.S. 
disbursing officer (USDO) is held responsible for adherence to internal controls 
as described in this subchapter and elsewhere in 4 FAH-2 but may delegate 
some duties. When the USDO delegates the duties to subordinates, the USDO 
must formulate a procedure to ensure that the delegated tasks are being 
performed as required. If the presence of key individuals is a critical element in 
the process, the USDO must ensure that the proper individuals, or their 
alternates, are available for the operation. 

b. Failure to observe the internal controls can result in disciplinary action up to 
and including dismissal. The USDO should continually search for ways to 
improve internal controls within the office. 

4 FAH-2 H-222 INTERNAL CONTROLS AFFECTING 
PAYMENTS 

(CT:DOH-29; 07-19-2013) 

a. Entry of financial transactions into the financial system is restricted to 
documents that are certified or approved. 

b. The USDO should ensure that there is separation of duties and effective checks 
and balances for the creation and transmission of electronic funds transfer 
(EFT) payments consistent with the EFT software constraints or capabilities. 
Employees are authorized access to the systems to send EFT transfers in 
accordance with the various security policies. 

c. The EFT payments must be documented and reviewed by the USDO. The 
documentation must include the requirement that generated the EFT, the 
creation of the EFT, evidence of the transmission, and a confirmation that the 
EFT was processed by the financial institution. 

d. Payments greater than U.S. $1 million or equivalent must be approved by the 
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USDO. 

e. Non-electronic certifying system (ECS) vouchers or schedules must be 
examined for certification or USDO approval. 

f. For ECS vouchers, the USDO must verify that the names of the disbursing file 
authorizers are on file at the CGFS Center and with CGFS/DO prior to accepting 
and decrypting batches. 

g. The USDO must approve emergency payments. 

h. The USDOs at CGFS Charleston and Bangkok must initially review their 
respective reports from Treasury and system-produced reports reflecting the 
USDO accountability by the 3rd workday of the month. 

i. The check stock custodian should exercise controls over U.S. Treasury checks 
while in the process of preparation. The controls must be designed to protect 
against loss or theft, to prevent the release of imperfect checks, and to 
promptly disclose any discrepancy. The check stock custodian and the 
alternate will be the only two employees who have access to the check stock 
inventory records. 

j. The USDOs perform and document check stock reconciliations and report the 
results to the Director of Global Disbursing Operations on a quarterly basis. 

k. Only the check stock custodian and their alternate shall have the combination 
to the check stock vault. 

I. Two or more persons must participate in the daily payment cycle. 

m. An employee will be appointed to oversee the payment cycle. The appointed 
employee will not have access to all the functions required to perform the 
payment cycle, including printing checks and creation of funds transfers. 

n. If ECS is not being used, the USDO must use a valid. Government 

Accountability Office (GAO)-approved electronic sampling methodology to check 
the accuracy and certification of all payments and to ensure the integrity of the 
disbursing operations. 

4 FAH-2 H-223 INTERNAL CONTROLS AFFECTING 
SYSTEMS 

(CT:DOH-29; 07-19-2013) 

a. A proper separation of duties must exist and be reflected in the systems access 
profiles for all CGFS personnel. Access levels and passwords and/or IDs for all 
systems will be under the control of the information systems security officer 
(ISSO). The ISSO is responsible for establishing a unique password for each 
employee. Employees will not share passwords and/or IDs for information 
systems or software. Sharing of password and/or ID is a serious offense 
subject to possible disciplinary action. (Sharing is the use of an employee's 
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password and/or ID by another employee or an employee letting another 
employee use her or his password and/or ID.) Proprietary bank software 
programs used to transfer EFTs that include common passwords that are used 
by all authorized users are excluded from this requirement not to share 
passwords. 

b. Systems access within the disbursing module should be limited. Accounting 
employees should have access to only the accounting portion of the financial 
system. 

c. All stand-alone computers used to perform transfers of funds will be kept in a 
controlled environment accessible only to those employees authorized to use 
the computers. 

d. No employee will be authorized to perform the entire funds transfer process. 
Programs used to transfer funds are governed by strict separation of duties. 
The ISSO will not change access to information systems or software used to 
transfer funds without the written approval of the USDO. A written, signed 
request will be required and maintained by the ISSO to document changes. 

e. On an annual basis, the USDO, accounting chief, payroll chief, ISSO, and other 
officials at the CGFS Center will review the internal controls for all systems and 
verify that systems accesses for all CGFS personnel support the proper 
separation of duties. The review must be documented and sent to the 
Comptroller and Assistant Secretary for CGFS. 

4 FAH-2 H-224 INTERNAL CONTROLS AFFECTING 
ELECTRONIC FUNDS TRANSFER (EFT) 

(CT:DOH-29; 07-19-2013) 

a. The USDO is responsible for establishing and maintaining the controls specified 
in the Fedline Security Policy. The ISSO at each CGFS Center is the local 
security administrator for Fedline operations at the CGFS Center. 

b. Following a written request from the USDO, the ISSO will control and assign 
local user ID and will coordinate the action required to obtain a host user code 
and password for each user from the Federal Reserve Bank. 

c. The Fedline system will be configured so that data can only be imported into 
the system. Such input must be from the official financial system or other duly 
certified request. 

d. No Fedline transactions will be made without supporting documentation. 

e. Each CGFS Center will establish procedures to document Fedline payments 
made through the ACH using the ACDP 23 for Operating System. The Fedline 
payment confirmation (which is usually received two hours after the payment is 
sent) will become a supporting document for the Fedline payment. An 
individual who is not involved in either entering or approving the file will review 
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the Fedline transactions on a daily basis. All related documents should be 

maintained as supporting documentation for the payment. 

f. The person performing the Fedline procedure may not process a payment to 
their personal account. 

g. The USDO will, in cooperation with the ISSO, ensure that two employees are 
required to complete the process of importing files into Fedline and sending the 
files to the appropriate bank. One employee and an alternate should be 
responsible for importing the files into Fedline, and the USDO and an assistant 
USDO (as the USDO alternate) should be responsible for sending the files to the 
Federal Reserve Bank (FRB). 

h. Each USDO will establish written procedures to protect transmissions via the 
Society for Worldwide Interbank Financial Telecommunications (SWIFT), remote 
check printing, and other forms of EFT. 

4 FAH-2 H-225 INTERNAL CONTROLS AFFECTING 
OPERATIONS 

(TL:D0H-1; 06-13-2001) 

The combinations to the check stock vaults and all safes in the disbursing office 
must be changed when staff leaves, or once a year. 

4 FAH-2 H-226 THROUGH H-229 UNASSIGNED 
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